Presentation is loading. Please wait.

Presentation is loading. Please wait.

JD’s ToolBox – Fire and Water Toolkit Next Generation Web Assessment Technology NT OBJECTives, Inc.

Published byDennis Wilkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "JD’s ToolBox – Fire and Water Toolkit Next Generation Web Assessment Technology NT OBJECTives, Inc."— Presentation transcript:

1

2 JD’s ToolBox – Fire and Water Toolkit Next Generation Web Assessment Technology NT OBJECTives, Inc.

3 Overview Web Architecture Web Hack Attacks Our solution Fire and Water Toolkit

4 NT OBJECTives, Inc. Web Server DB Web app Web Client Web app HTTP request (cleartext or SSL) HTTP reply (HTML, Javascript, VBscript, etc) Plugins: Perl C/C++ JSP, etc Database connection: ADO, ODBC, etc. SQL Database Apache IIS Netscape etc… Firewall

5 NT OBJECTives, Inc. Web Server DB Web app http: // 10.0.0.1 / catalog / display.asp ? pg = 1 & product = 7

6 NT OBJECTives, Inc. Current Top Web Issues are: 1.Source Code Disclosure 2.Directory Browsing 3.File Upload Attacks 4.Backup and Archive Issues 5.Web Server Vulns 6.Remote Command Execution 7.SQL Injection Attacks

7 NT OBJECTives, Inc. The web and e-commerce applications are the main focus of our efforts Web applications are important and growing in importance Web applications are complex and growing in complexity Our tool releases our going to have web specific priority

8 NT OBJECTives, Inc. Fire and Water Our attempt to take web assessment to the next level Toolkit is targeted at assessment professionals Supports our initiative for providing complete assessment and defense services

9 NT OBJECTives, Inc. Chaos – Current Situation Lots of good tools on the net – but none work together No standard for output Making a report from all these src’s is difficult at best - To do your job well, you require all this info

10 NT OBJECTives, Inc. Fire Set of tools for assessment professionals Allows scripting Allows remote usage - Really shines on mapping internal networks from external findings

11 NT OBJECTives, Inc. XML Automation ntoscan | ntoroute | ntoweb | ntomap | ntotrend = coolness

12 NT OBJECTives, Inc. Tool Descriptions ntoscan – TCP/UDP scanner – No Banners, OSPrints ntoroute – TCMP/TCP traceroute tool ntoweb - web vuln crawler ntomap - network topology generator ntotrend – data trend tool (multiple reports over time)

13 NT OBJECTives, Inc. Fire and Water Architecture 1.Complete XML Data Architecture 2.XML/XSL Reports are THE solution 3.Targeted Web Priority and Visualization 4.XML Mapping technology highlights web trouble spots 5.Superior Support for Data Trends over Time

14 NT OBJECTives, Inc. CLI Interface Power CLI chosen as most powerful for experts Allows scripting Allows remote usage - Really shines on mapping internal networks from external findings

15 NT OBJECTives, Inc. Web Focused Data Model By default, tools record web data Pinpoints and highlights web trouble spots Map visually distinguishes between web services and traditional services Completely designed to help resolve web security issues

16 NT OBJECTives, Inc. XML Data Cohesion All tools output XML Results are sortable Reports are appendable Building large analysis sets from tools is possible DB storage with SQL databases is possible Query analysis Trend analysis

17 NTOScanner

18

19

20 NTOScanner + NTORoute

21

22 NTOMap

23

24 NT OBJECTives, Inc. NTOScan Report

25 NT OBJECTives, Inc. Water = NTOWire Command line driver ISAPI filter Installable remotely/scriptable Updateable via Snort Signatures - stay quickly up to date against the latest vulns

26 NT OBJECTives, Inc. NTOWire Usage ntowire –install ntowire –load ntowire –unload ntowire -uninstall

27 NT OBJECTives, Inc. Look for updates from us We’re back, We’re just getting started New tools New vision New capabilities

28 NT OBJECTives, Inc. JD Glaser Erik Caso Mike Morton NT OBJECTives, Inc.

Download ppt "JD’s ToolBox – Fire and Water Toolkit Next Generation Web Assessment Technology NT OBJECTives, Inc."

Similar presentations

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
Database System Concepts and Architecture

Database System Concepts and Architecture
Lecture plan Information retrieval (from week 11)

Lecture plan Information retrieval (from week 11)
1 Enabling OpenVMS for Data & Application Integration www.attunity.comNovember 30, 2005 *John Apps – HP Strategic Planning and Architecture *Mark Peterson.

1 Enabling OpenVMS for Data & Application Integration 30, 2005 *John Apps – HP Strategic Planning and Architecture *Mark Peterson.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
One-Way Hacking: Futility of Firewalls in Web Hacking JD Glaser, Saumil Shah Foundstone Inc.

One-Way Hacking: Futility of Firewalls in Web Hacking JD Glaser, Saumil Shah Foundstone Inc.
Session 6 Server-side programming - ASP. An ASP page is an HTML page interspersed with server-side code. The.ASP extension instead of.HTM denotes server-side.

Session 6 Server-side programming - ASP. An ASP page is an HTML page interspersed with server-side code. The.ASP extension instead of.HTM denotes server-side.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
Introduction to ASP.NET. 2 © UW Business School, University of Washington 2004 Outline Static vs. Dynamic Web Pages.NET Framework Installing ASP.NET First.

Introduction to ASP.NET. 2 © UW Business School, University of Washington 2004 Outline Static vs. Dynamic Web Pages.NET Framework Installing ASP.NET First.
DATABASE APPLICATION DEVELOPMENT SAK 3408 The Web and DBMS.

DATABASE APPLICATION DEVELOPMENT SAK 3408 The Web and DBMS.
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.

Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Multiple Tiers in Action

Multiple Tiers in Action
Apache Tomcat Server Typical html Request/Response cycle

Apache Tomcat Server Typical html Request/Response cycle
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS eCommerce Technology 20-751 Lecture 4: Web Architecture.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS eCommerce Technology Lecture 4: Web Architecture.
Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.

Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Similar presentations

Ads by Google